web statisticsweb stats

Business Phone Systems

Forums Active Threads
Previous Thread
Next Thread
Print Thread
Rate Thread
Weird Incoming Calls
#544321 01/25/13 06:03 PM
Joined: Feb 2010
Posts: 581
Likes: 6
Bradley County, Tennessee, USA
telecom guy10
Offline
Member
****
telecom guy10
Member
****
Offline
Joined: Feb 2010
Posts: 581
Likes: 6
Bradley County, Tennessee, USA
Hello all, I have an Asterisk telephony platform running on a CentOS Trixbox package on VirtualBox on my MacBook Pro with a whole bunch of DIDs from CallCentric. I always check the call log for anything unusual when I get home, and I noticed these calls on the CLI:

Code
    -- Executing [00972592225857@from-pstn:1] Set("SIP/98.90.95.65-00000132", "__FROM_DID=00972592225857") in new stack
    -- Executing [00972592225857@from-pstn:2] NoOp("SIP/98.90.95.65-00000132", "Received an unknown call with DID set to 00972592225857") in new stack
    -- Executing [00972592225857@from-pstn:3] Goto("SIP/98.90.95.65-00000132", "s,a2") in new stack
    -- Goto (from-pstn,s,2)
    -- Executing [s@from-pstn:2] Answer("SIP/98.90.95.65-00000132", "") in new stack
  == Spawn extension (from-pstn, s, 2) exited non-zero on 'SIP/98.90.95.65-00000132'
    -- Executing [h@from-pstn:1] Hangup("SIP/98.90.95.65-00000132", "") in new stack
  == Spawn extension (from-pstn, h, 1) exited non-zero on 'SIP/98.90.95.65-00000132'
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
  == Using SIP VRTP TOS bits 136
  == Using SIP VRTP CoS mark 6
    -- Executing [000972592225857@from-pstn:1] Set("SIP/98.90.95.65-00000133", "__FROM_DID=000972592225857") in new stack
    -- Executing [000972592225857@from-pstn:2] NoOp("SIP/98.90.95.65-00000133", "Received an unknown call with DID set to 000972592225857") in new stack
    -- Executing [000972592225857@from-pstn:3] Goto("SIP/98.90.95.65-00000133", "s,a2") in new stack
    -- Goto (from-pstn,s,2)
    -- Executing [s@from-pstn:2] Answer("SIP/98.90.95.65-00000133", "") in new stack
  == Spawn extension (from-pstn, s, 2) exited non-zero on 'SIP/98.90.95.65-00000133'
    -- Executing [h@from-pstn:1] Hangup("SIP/98.90.95.65-00000133", "") in new stack
  == Spawn extension (from-pstn, h, 1) exited non-zero on 'SIP/98.90.95.65-00000133'
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
  == Using SIP VRTP TOS bits 136
  == Using SIP VRTP CoS mark 6
    -- Executing [900972592225857@from-pstn:1] Set("SIP/98.90.95.65-00000134", "__FROM_DID=900972592225857") in new stack
    -- Executing [900972592225857@from-pstn:2] NoOp("SIP/98.90.95.65-00000134", "Received an unknown call with DID set to 900972592225857") in new stack
    -- Executing [900972592225857@from-pstn:3] Goto("SIP/98.90.95.65-00000134", "s,a2") in new stack
    -- Goto (from-pstn,s,2)
    -- Executing [s@from-pstn:2] Answer("SIP/98.90.95.65-00000134", "") in new stack
    -- Executing [s@from-pstn:3] Wait("SIP/98.90.95.65-00000134", "2") in new stack
  == Spawn extension (from-pstn, s, 3) exited non-zero on 'SIP/98.90.95.65-00000134'
    -- Executing [h@from-pstn:1] Hangup("SIP/98.90.95.65-00000134", "") in new stack
  == Spawn extension (from-pstn, h, 1) exited non-zero on 'SIP/98.90.95.65-00000134'
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
  == Using SIP VRTP TOS bits 136
  == Using SIP VRTP CoS mark 6
    -- Executing [011972592225857@from-pstn:1] Set("SIP/98.90.95.65-00000135", "__FROM_DID=011972592225857") in new stack
    -- Executing [011972592225857@from-pstn:2] NoOp("SIP/98.90.95.65-00000135", "Received an unknown call with DID set to 011972592225857") in new stack
    -- Executing [011972592225857@from-pstn:3] Goto("SIP/98.90.95.65-00000135", "s,a2") in new stack
    -- Goto (from-pstn,s,2)
    -- Executing [s@from-pstn:2] Answer("SIP/98.90.95.65-00000135", "") in new stack
  == Spawn extension (from-pstn, s, 2) exited non-zero on 'SIP/98.90.95.65-00000135'
    -- Executing [h@from-pstn:1] Hangup("SIP/98.90.95.65-00000135", "") in new stack
  == Spawn extension (from-pstn, h, 1) exited non-zero on 'SIP/98.90.95.65-00000135'
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
  == Using SIP VRTP TOS bits 136
  == Using SIP VRTP CoS mark 6
    -- Executing [810972592225857@from-pstn:1] Set("SIP/98.90.95.65-00000136", "__FROM_DID=810972592225857") in new stack
    -- Executing [810972592225857@from-pstn:2] NoOp("SIP/98.90.95.65-00000136", "Received an unknown call with DID set to 810972592225857") in new stack
    -- Executing [810972592225857@from-pstn:3] Goto("SIP/98.90.95.65-00000136", "s,a2") in new stack
    -- Goto (from-pstn,s,2)
    -- Executing [s@from-pstn:2] Answer("SIP/98.90.95.65-00000136", "") in new stack
  == Spawn extension (from-pstn, s, 2) exited non-zero on 'SIP/98.90.95.65-00000136'
    -- Executing [h@from-pstn:1] Hangup("SIP/98.90.95.65-00000136", "") in new stack
  == Spawn extension (from-pstn, h, 1) exited non-zero on 'SIP/98.90.95.65-00000136'

and later on (there is no time stamp on the CLI) it occurred again:

Code
  -- Executing [00972592225857@from-pstn:1] Set("SIP/98.90.95.65-00000137", "__FROM_DID=00972592225857") in new stack
    -- Executing [00972592225857@from-pstn:2] NoOp("SIP/98.90.95.65-00000137", "Received an unknown call with DID set to 00972592225857") in new stack
    -- Executing [00972592225857@from-pstn:3] Goto("SIP/98.90.95.65-00000137", "s,a2") in new stack
    -- Goto (from-pstn,s,2)
    -- Executing [s@from-pstn:2] Answer("SIP/98.90.95.65-00000137", "") in new stack
  == Spawn extension (from-pstn, s, 2) exited non-zero on 'SIP/98.90.95.65-00000137'
    -- Executing [h@from-pstn:1] Hangup("SIP/98.90.95.65-00000137", "") in new stack
  == Spawn extension (from-pstn, h, 1) exited non-zero on 'SIP/98.90.95.65-00000137'
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
  == Using SIP VRTP TOS bits 136
  == Using SIP VRTP CoS mark 6
    -- Executing [000972592225857@from-pstn:1] Set("SIP/98.90.95.65-00000138", "__FROM_DID=000972592225857") in new stack
    -- Executing [000972592225857@from-pstn:2] NoOp("SIP/98.90.95.65-00000138", "Received an unknown call with DID set to 000972592225857") in new stack
    -- Executing [000972592225857@from-pstn:3] Goto("SIP/98.90.95.65-00000138", "s,a2") in new stack
    -- Goto (from-pstn,s,2)
    -- Executing [s@from-pstn:2] Answer("SIP/98.90.95.65-00000138", "") in new stack
  == Spawn extension (from-pstn, s, 2) exited non-zero on 'SIP/98.90.95.65-00000138'
    -- Executing [h@from-pstn:1] Hangup("SIP/98.90.95.65-00000138", "") in new stack
  == Spawn extension (from-pstn, h, 1) exited non-zero on 'SIP/98.90.95.65-00000138'
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
  == Using SIP VRTP TOS bits 136
  == Using SIP VRTP CoS mark 6
    -- Executing [900972592225857@from-pstn:1] Set("SIP/98.90.95.65-00000139", "__FROM_DID=900972592225857") in new stack
    -- Executing [900972592225857@from-pstn:2] NoOp("SIP/98.90.95.65-00000139", "Received an unknown call with DID set to 900972592225857") in new stack
    -- Executing [900972592225857@from-pstn:3] Goto("SIP/98.90.95.65-00000139", "s,a2") in new stack
    -- Goto (from-pstn,s,2)
    -- Executing [s@from-pstn:2] Answer("SIP/98.90.95.65-00000139", "") in new stack
  == Spawn extension (from-pstn, s, 2) exited non-zero on 'SIP/98.90.95.65-00000139'
    -- Executing [h@from-pstn:1] Hangup("SIP/98.90.95.65-00000139", "") in new stack
  == Spawn extension (from-pstn, h, 1) exited non-zero on 'SIP/98.90.95.65-00000139'
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
  == Using SIP VRTP TOS bits 136
  == Using SIP VRTP CoS mark 6
    -- Executing [011972592225857@from-pstn:1] Set("SIP/98.90.95.65-0000013a", "__FROM_DID=011972592225857") in new stack
    -- Executing [011972592225857@from-pstn:2] NoOp("SIP/98.90.95.65-0000013a", "Received an unknown call with DID set to 011972592225857") in new stack
    -- Executing [011972592225857@from-pstn:3] Goto("SIP/98.90.95.65-0000013a", "s,a2") in new stack
    -- Goto (from-pstn,s,2)
    -- Executing [s@from-pstn:2] Answer("SIP/98.90.95.65-0000013a", "") in new stack
  == Spawn extension (from-pstn, s, 2) exited non-zero on 'SIP/98.90.95.65-0000013a'
    -- Executing [h@from-pstn:1] Hangup("SIP/98.90.95.65-0000013a", "") in new stack
  == Spawn extension (from-pstn, h, 1) exited non-zero on 'SIP/98.90.95.65-0000013a'
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
  == Using SIP VRTP TOS bits 136
  == Using SIP VRTP CoS mark 6
    -- Executing [810972592225857@from-pstn:1] Set("SIP/98.90.95.65-0000013b", "__FROM_DID=810972592225857") in new stack
    -- Executing [810972592225857@from-pstn:2] NoOp("SIP/98.90.95.65-0000013b", "Received an unknown call with DID set to 810972592225857") in new stack
    -- Executing [810972592225857@from-pstn:3] Goto("SIP/98.90.95.65-0000013b", "s,a2") in new stack
    -- Goto (from-pstn,s,2)
    -- Executing [s@from-pstn:2] Answer("SIP/98.90.95.65-0000013b", "") in new stack
  == Spawn extension (from-pstn, s, 2) exited non-zero on 'SIP/98.90.95.65-0000013b'
    -- Executing [h@from-pstn:1] Hangup("SIP/98.90.95.65-0000013b", "") in new stack
  == Spawn extension (from-pstn, h, 1) exited non-zero on 'SIP/98.90.95.65-0000013b'

Anyone ever seen anything like this before, or have any idea what it could be?

Any input is appreciated! laugh

Tennessee Technology Solutions, LLC | "Business technology solutions reimagined." | (423) 665-9995 | www.423tech.com
Atcom VoIP Phones
VoIP Demo

Best VoIP Phones Canada

Visit Atcom to get started with your new business VoIP phone system ASAP
Turn up is quick, painless, and can often be done same day.
Let us show you how to do VoIP right, resulting in crystal clear call quality and easy-to-use features that make everyone happy!
Proudly serving Canada from coast to coast.

Re: Weird Incoming Calls
telecom guy10 #544323 01/25/13 06:45 PM
Joined: Aug 2004
Posts: 1,766
Likes: 49
Calgary, AB, Canada
Toner Online: Content
Admin
*****
Toner
Admin
*****
Online: Content
Joined: Aug 2004
Posts: 1,766
Likes: 49
Calgary, AB, Canada
Looks like you have your SIP port (5060) exposed to the internet and a hacker is sending calls to see what they can get. If you had the context set to "from-internal" for your SIP trunks they would have been able to dial internationally through your system.

[Linked Image from web.atcomsystems.ca]
Looking for a VoIP Phone Canada provider? Put Atcom's valuable VoIP expertise to work for your business today!
Re: Weird Incoming Calls
telecom guy10 #544341 01/25/13 09:10 PM
Joined: Feb 2010
Posts: 581
Likes: 6
Bradley County, Tennessee, USA
telecom guy10
Offline
Member
****
telecom guy10
Member
****
Offline
Joined: Feb 2010
Posts: 581
Likes: 6
Bradley County, Tennessee, USA
All of my trunks are incoming only (I haven't purchased a payment plan) so I bid that hacker good luck! Unless he enjoys talking to "Your account doesn't have enough credit to make this call."

Thanks for your reply!

Tennessee Technology Solutions, LLC | "Business technology solutions reimagined." | (423) 665-9995 | www.423tech.com

Link Copied to Clipboard
Newest Topics
SBX IP320 access
by phoneguy10 - 07/20/25 11:20 AM
CIX 100 firmware
by ringtone - 07/20/25 12:01 AM
how do the toshiba cix100 ip licenses work
by ringtone - 07/18/25 10:11 PM
IP Office 9.0
by hitechcomm - 07/18/25 12:52 PM
Forum Statistics
Forums84
Topics94,569
Posts640,195
Members49,871
Most Online5,661
May 23rd, 2018
Newest Members
DennisSoCal, Mark Gee, LuigiE, FranzBos, Chuck Lowe
49,871 Registered Users
Top Posters(30 Days)
Toner 11
R4+Z 4
Who's Online Now
2 members (Toner, Keyset6), 40 guests, and 70 robots.
Key: Admin, Global Mod, Mod
Privacy Policy · Forum Rules · Mark All Read Contact Us · Forum Help · sundance-communications.com/forum
Contact Us | Sponsored by Atcom: One of the best VoIP Phone Canada Suppliers for your business telephone system!| Terms of Service

Sundance Communications is not affiliated with any of the above manufacturers. Sundance Phone System Forums - VOIP & Cloud Phone Help
©Copyright Sundance Communications 1998 - 2025
Powered by UBB.threads™ PHP Forum Software 8.0.0